City of Atlanta IT Systems Hit by SamSam Ransomware

The Mayor of Atlanta, Georgia has confirmed today in a press conference that several local government systems are currently down due to a ransomware infection.

City officials said the ransomware infection took root earlier today, at around 5:40 AM, local time.

Some systems down but crucials services still up and running

Richard Cox, the City of Atlanta’s new Chief Operations Officer, said the infection affected several internal and customer-facing applications, such as the online systems that residents used to pay city bills or access court documents.

Cox, who is in his first week on the job, said that the infection did not affect the critical infrastructure such as the city’s water services, the local airport, and the public safety system.

Cox and his team are working with the FBI and DHS agents, but also with incident response teams from Cisco and Microsoft. Investigators are still assessing the damage and validating the infection’s impact on city systems.

City hasn’t decided if it will pay the ransom

Mayor Keisha Lance Bottoms expects city departments to open tomorrow, but operate without IT support.

Asked if the city plans to pay the ransom note, Mayor Bottoms said “We can’t speak to that right now. We will be looking for guidance from specifically our federal partners.”

Not all IT infrastructure were affected because the city was in the process of moving some systems to cloud services, and those were not affected.

According to 11Alive, a local TV station, the infection was caused by the SamSam ransomware, a strain that’s been very active at the start of this year, and had previously also infected the Colorado Department of Transportation.